krb5-clients/1086: Segmentation fault in krb5_timeofday - krb5-1.2.2 on Solaris 5.8

Operations Research martin at orie.cornell.edu
Thu Apr 4 11:18:41 EST 2002


>Number:         1086
>Category:       krb5-clients
>Synopsis:       Segmentation fault in krb5_timeofday - krb5-1.2.2 on
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    krb5-unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Fri Apr  5 04:42:01 EST 2002
>Last-Modified:
>Originator:     William Martin
>Organization:
Cornell University
>Release:        1.0-development
>Environment:
        <machine, os, target, libraries (multiple lines)>
System: SunOS critical 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10

Machine: Ultra 10
>Description:

I am using the Apache mod_auth_kerb module under apache_1.3.24.  I
have installed krb5-1.2.2 on a Solaris 5.8 system. When I access the 
page that requires kerberos authentication, I get a segmentation fault:

[Fri Apr  5 03:50:24 2002] [notice] Apache/1.3.24 (Unix) mod_perl/1.26
AuthMySQL/2.20 PHP/4.1.2 mod_ssl/2.8.8 OpenSSL/0.9.6 configured --
resuming normal operations
[Fri Apr  5 03:50:24 2002] [notice] Accept mutex: fcntl (Default: fcntl)
[Fri Apr  5 03:50:34 2002] [notice] child pid 21398 exit signal
Segmentation Fault (11)

I recompiled kerberos with gcc version 2.95.2 19991024 (release) with the
-gstabs+ flag to generate extra debugging information.  When I ran Apache
under the gdb debugger, I find that the problem is in the kerberos
krb5_timeofday function because the "context" parameter is NULL.  I have
traced this back to line 691 in the kerb_validate_user_pass_V5 function,
where kcontext pointer is not being initialized. I am also getting this
error in the latest release of Kerberos (krb5-1.2.4).  Has anyone
experienced this problem and, more important, found a solution? 

Here is the gdb debugging information:

# gdb ./httpd
GNU gdb 5.1.1
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you 
are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for 
details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) run -X
Starting program: /export/home/apache_modssl/bin/./httpd -X
[New LWP 1]
[New LWP 2]
[New LWP 3]
[New LWP 4]
[Thu Apr  4 11:04:25 2002] [warn] NameVirtualHost 128.84.138.120:911 has 
no VirtualHosts
[Thu Apr  4 11:04:25 2002] [warn] NameVirtualHost 128.84.138.120:411 has 
no VirtualHosts
[Thu Apr  4 11:04:25 2002] [warn] NameVirtualHost 
critical.orie.cornell.edu:443 has no VirtualHosts

Program received signal SIGSEGV, Segmentation fault.
0x00298ec4 in krb5_timeofday (context=0x0, timeret=0xffbef53c)
    at timeofday.c:44
44          krb5_os_context os_ctx = context->os_context;
(gdb) bt   
#0  0x00298ec4 in krb5_timeofday (context=0x0, timeret=0xffbef53c)
    at timeofday.c:44
#1  0x001c7230 in kerb_validate_user_pass_V5 (r=0x4e4dc8, 
    sent_pw=0x5173ed "esoom3") at mod_auth_kerb.c:697
#2  0x001c8918 in kerb_authenticate_user (r=0x4e4dc8) at 
mod_auth_kerb.c:1502
#3  0x00224fa4 in run_method (r=0x4e4dc8, offset=7, run_all=0)
    at http_config.c:369
#4  0x002251e4 in ap_check_user_id (r=0x4e4dc8) at http_config.c:421
#5  0x0024407c in process_request_internal (r=0x4e4dc8) at 
http_request.c:1255
#6  0x002444b4 in ap_process_request (r=0x4e4dc8) at http_request.c:1324
#7  0x00237708 in child_main (child_num_arg=0) at http_main.c:4656
#8  0x002379c4 in make_child (s=0x4e0d98, slot=0, now=1017936266)
    at http_main.c:4780
#9  0x00237be0 in startup_children (number_to_start=5) at 
http_main.c:4862
#10 0x00238610 in standalone_main (argc=2, argv=0xffbefbcc) at 
http_main.c:5167
#11 0x00239270 in main (argc=2, argv=0xffbefbcc) at http_main.c:5527
(gdb) 

Breakpoint 1, kerb_validate_user_pass_V5 (r=0x4e4dc8, 
    sent_pw=0x5173ed "esoom3") at mod_auth_kerb.c:691
691        krb5_init_ets(kcontext);
(gdb) print kcontext
$14 = 0x0

# ldd ./httpd
        libkrb5.so.3 =>  /usr/lib/libkrb5.so.3
        libk5crypto.so.3 =>      /usr/lib/libk5crypto.so.3
        libcom_err.so.3 =>       /usr/lib/libcom_err.so.3
        libmysqlclient.so.10 =>
/usr/local/mysql/lib/mysql/libmysqlclient.so.10
        libz.so =>       /usr/lib/libz.so
        libpam.so.1 =>   /usr/lib/libpam.so.1
        libdl.so.1 =>    /usr/lib/libdl.so.1
        libncurses.so.5 =>       /usr/lib/libncurses.so.5
        libcrypt_i.so.1 =>       /usr/lib/libcrypt_i.so.1
        libresolv.so.2 =>        /usr/lib/libresolv.so.2
        libm.so.1 =>     /usr/lib/libm.so.1
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
        libpthread.so.1 =>       /usr/lib/libpthread.so.1
        libc.so.1 =>     /usr/lib/libc.so.1
        libiconv.so.2 =>         /usr/lib/libiconv.so.2
        libgcc_s.so.1 =>         /usr/lib/libgcc_s.so.1
        libgen.so.1 =>   /usr/lib/libgen.so.1
        libmp.so.2 =>    /usr/lib/libmp.so.2
        libthread.so.1 =>        /usr/lib/libthread.so.1
        /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

# ./httpd -l
Compiled-in modules:
  http_core.c
  mod_env.c
  mod_log_config.c
  mod_mime.c
  mod_negotiation.c
  mod_status.c
  mod_info.c
  mod_include.c
  mod_autoindex.c
  mod_dir.c
  mod_cgi.c
  mod_asis.c
  mod_imap.c
  mod_actions.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_access.c
  mod_auth.c
  mod_cern_meta.c
  mod_expires.c
  mod_headers.c
  mod_so.c
  mod_setenvif.c
  mod_ssl.c
  mod_php4.c
  mod_auth_kerb.c
  mod_auth_mysql.c
  mod_perl.c
suexec: disabled; invalid wrapper /export/home/apache_modssl/bin/suexec


Thank you for your help,

-- Bill Martin --


>How-To-Repeat:
       Rerun Apache and access page that uses mod_auth_kerb
>Fix:

>Audit-Trail:
>Unformatted:
Solaris 5.8
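
Added example (not part of the original report, and not code from MIT krb5 or mod_auth_kerb): a self-contained C model of the failure shape in the backtrace above, where a context pointer that was never set is dereferenced as context->os_context. All demo_* names and types are hypothetical stand-ins; it assumes an initializer that leaves the pointer untouched on failure, and shows the caller checking the result and denying the request instead of passing NULL down.

```c
#include <stddef.h>
#include <stdlib.h>
#include <time.h>

/* Stand-in types named after the backtrace; NOT the MIT krb5 definitions. */
typedef struct { long time_offset; } demo_os_context;
typedef struct { demo_os_context *os_context; } demo_context;

enum { DEMO_OK = 0, DEMO_ERR_NOCTX = 1, DEMO_ERR_INIT = 2 };

/* Hypothetical initializer: on failure it leaves *out untouched, so a caller
 * that ignores the return code keeps whatever the pointer held before. */
int demo_init_context(demo_context **out, int simulate_failure)
{
    if (simulate_failure) return DEMO_ERR_INIT;
    demo_context *c = calloc(1, sizeof *c);
    if (!c) return DEMO_ERR_INIT;
    c->os_context = calloc(1, sizeof *c->os_context);
    if (!c->os_context) { free(c); return DEMO_ERR_INIT; }
    *out = c;
    return DEMO_OK;
}

void demo_free_context(demo_context *c)
{
    if (c) { free(c->os_context); free(c); }
}

/* Same access as the faulting line (context->os_context), with a NULL guard
 * so a missing context becomes an error code rather than a SIGSEGV. */
int demo_timeofday(demo_context *context, long *timeret)
{
    if (context == NULL || context->os_context == NULL || timeret == NULL)
        return DEMO_ERR_NOCTX;
    *timeret = (long)time(NULL) + context->os_context->time_offset;
    return DEMO_OK;
}

/* Caller in the role of the validate function: returns 1 if the request may
 * go on to password validation, 0 if it is denied because setup failed. */
int demo_validate(int simulate_init_failure)
{
    demo_context *kcontext = NULL;   /* explicit NULL, never indeterminate */
    long now = 0;
    int ok = 0;
    if (demo_init_context(&kcontext, simulate_init_failure) == DEMO_OK)
        ok = (demo_timeofday(kcontext, &now) == DEMO_OK && now > 0);
    demo_free_context(kcontext);
    return ok;
}
```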


